Data Insight - CVE-2022-42889 vulnerability in Apache Commons Text, dubbed "Text4Shell"

Question

Is DI vulnerable to the newly disclosed vulnerability?This is not log4shell and is a new disclosure.&nbsp;Thank youPix&nbsp;&nbsp;

manojchanchawat · Accepted Answer

Data Insight does not use the mentioned module in the&nbsp;Apache Commons Text library.&nbsp;Hence DI is not impacted by this Remote Code Execution (RCE) vulnerability. However, we always recommend customers go with the latest DI version upgrade, as it contains security upgrades and fixes.&nbsp;Please reach out to your support engineer for more details and an official response.&nbsp;
I often refrain from commenting on the issues here, which have "Open\In-progress" veritas support cases under investigation, but this was important.&nbsp;

pix_r · Answer

Thank you Manoj. I did open a case as I needed an official statement.I appreciate the quick response.

Forum Discussion

Data Insight - CVE-2022-42889 vulnerability in Apache Commons Text, dubbed "Text4Shell"

2 Replies

Related Content

Is netbackup master server affected by CVE-2022-42889?

CVE-2023-38545/6 security vulnerability.

CPU vulnerability Meltdown

OpenSSL vulnerability <Security>

EV 14.1 and Telerik vulnerability

Recent Discussions

Writing Made Easy: Tips and Tricks with Book Writing Helper

DI integration with EV

DI version 6.6 vs DI6.5.2

What is the expected behavior during Indexer Migration in DI?

Reporting on user fails to bulk add users in Data Insight